CVE-2025-20157

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-20157
A vulnerability in certificate validation processing of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper validation of certificates that are used by the Smart Licensing feature. An attacker with a privileged network position could exploit this vulnerability by intercepting traffic that is sent over the Internet. A successful exploit could allow the attacker to gain access to sensitive information, including credentials used by the device to connect to Cisco cloud services.

5.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catalyst-tls-PqnD5KEJ
Configurations

No configuration.

History

08 May 2025, 14:39

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en el procesamiento de validación de certificados de Cisco Catalyst SD-WAN Manager, anteriormente Cisco SD-WAN vManage, podría permitir que un atacante remoto no autenticado acceda a información confidencial. Esta vulnerabilidad se debe a una validación incorrecta de los certificados utilizados por la función Smart Licensing. Un atacante con una posición privilegiada en la red podría aprovechar esta vulnerabilidad interceptando el tráfico que se envía a través de Internet. Una explotación exitosa podría permitir al atacante acceder a información confidencial, incluidas las credenciales utilizadas por el dispositivo para conectarse a los servicios en la nube de Cisco.

07 May 2025, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-07 18:15

Updated : 2025-05-08 14:39

NVD link : CVE-2025-20157

Mitre link : CVE-2025-20157

CVE.ORG link : CVE-2025-20157

JSON object : View

Products Affected

No product.

CWE
CWE-295

Improper Certificate Validation